Privacy at Knowmadics
Your data. Your digital experience. Controlled by you.
This notice applies to all users of our applications and services operated by Knowmadics, including but not limited to 360° Aware®. Users include but are not limited to client employees, contractors, and/or family members of users.
Data Subject – “Data Subject” means any identified or identifiable natural person whose personal data is being collected, held or processed. Users of Knowmadics’ services and 360° Aware® and their dependents/guests are data subjects in this context.
Personal data – “Personal Data” means any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data Processing – “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller and Data Processor Details
Knowmadics acts as both a data controller and a data processor. In operating the 360° Aware® application, Knowmadics processes data for clients/customers. Clients/customers of 360° Aware® are data controllers for whom Knowmadics processes data. Knowmadics also determines the purposes and means of processing personal data. In this role Knowmadics is a data controller.
Data Protection Principles
In relation to your personal data, we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for the utilization of the application in ways that have been explained to you
- only use it in the way that we have explained to you
- ensure it is correct and up to date
- keep it for only as long as we need it
- process it in a way that ensures it will not be used for anything of which you are not aware or to which you have not given consent (as appropriate), and will not be lost or destroyed
Types of Data We Process
For the purposes and functions of the application, data that may be processed regarding users and their dependents and/or guests includes:
- personal details – name, username, password, call sign, call sign type, email, phone number, company, position, visa type, hire date, photo
- employment information – call sign, call sign type, company, position
- emergency contact information – name, relationship, phone number
- passport information – passport number, name and surname, nationality, date of birth, place of birth, date of issue, date of expiration
- medical or health information – body weight
- location information – date, place, address, latitude, longitude
- camera data – video/audio
- mobile device data – video/audio
- smart watch data – audio
- drone data – video/audio
Special Categories of Data
Special categories of data as defined by the GDPR are data relating to your:
- sex life
- sexual orientation
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic and biometric data
We must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:
- You have given explicit consent to the processing.
- We must process the data in order to carry out our legal obligations.
- We must process data for reasons of substantial public interest.
- You have already made the data public.
For the purposes of the 360° Aware® application we will use your and your children’s/dependents’ following special category data:
- Medical information – body weight
Purpose of processing the special category data, medical information – body weight:
- Calculation of weight requirements/limitations for chartered flights
To process this special category data we ask for your consent at the end of this policy. A checkbox will be presented at the end of this agreement to receive your consent and to confirm your full understanding of this requirement.
Children’s/Dependents’ Special Category Data
If your children/dependents will be using 360° Aware® and our related services as a user, at the creation of your child’s/dependent’s user account, a separate consent checkbox will be present, which will confirm your understanding and consent to the processing of your child’s/dependent’s special category data for the limited purpose of calculating weight requirements for chartered flights.
Withdrawal of Consent
In all cases in which Knowmadics seeks consent from you, you will have full control over your decision to give, withhold, or withdraw consent and there will be no consequences where consent is withheld. As the parental authority for your child/dependent you will also be able to withdraw consent for the processing of your child’s/dependent’s special category data. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn. To withdraw your consent please fill out the Knowmadics GDPR Data Subject Rights Request Form.
How We Collect Your Data
Data is collected from submission of your personal information by you or your employer at your 360° Aware® user profile creation. Continual collection of your personal data, such as geolocation from mobile devices, will be done in the course of the utilization of the 360° Aware® application for the purposes of the application’s location and status update services.
Storage of Data
As a U.S.-based company, Knowmadics ensures adequate safeguards in transferring personal data outside of the European Union. Personal data is transferred in accordance with GDPR guidelines on transfers to third countries, with coverage by the EU-U.S. Privacy Shield and standard contractual clauses, and will be held with the following cloud service providers in the respective regions/availability zones:
- Microsoft Azure – US-EAST Northern Virginia
- Amazon Web Services – US-EAST Ohio
EU-U.S. Privacy Shield
Knowmadics complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and its Member States, the European Economic Area, the United Kingdom and/or Switzerland to the United States. Knowmadics has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To view Knowmadics’ EU-U.S. Privacy Shield Policy please click here. To learn more about the Privacy Shield program, and to view Knowmadics’ certification, please visit https://www.privacyshield.gov/.
Why We Process Your Data
The GDPR allows us to process your data for certain reasons only:
- in order to perform the contract that we are party to
- in order to carry out legally required duties
- in order for us to carry out our legitimate interests
- in order to protect your interests
- for the purpose of public interest.
All of the processing carried out by Knowmadics falls into one of the permitted reasons. In the context of 360° Aware® the legitimate uses Knowmadics is relying on are:
- contractual obligations
- legitimate interests to protect data subjects’ interests
- carrying out legally required duties if applicable
We also process data so that we can carry out activities which are in the legitimate interests of Knowmadics. We have set these out below:
- legal proceedings and requirements such as inquiries by supervisory authorities, regulators and government entities
- preventing fraud
- ensuring our administrative and IT systems are secure and robust against unauthorized access
- ensuring the functions of the application are operating correctly
- application feature updates
- security updates
Sharing Your Data
Knowmadics shares data with your employer as a client/customer of the 360° Aware® application for the purposes of the 360° Aware® application and to fulfill the contractual obligations with your employer.
Knowmadics may share users’ personal data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing personal data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our data processing agreements or other policies; to protect Knowmadics’ rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services.
Protecting Your Data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction, and abuse. The security, integrity, and confidentiality of your information are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your information from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods. To protect your data we have implemented the following security measures:
- Monitoring of the information system to detect attacks and indicators of potential attacks that includes preparation, detection and analysis, containment, eradication, and recovery
- Identification of unauthorized use of the information system through central logging and aggregation, security monitoring, incident ticketing system, and vulnerability and configuration scanning tools
- Protection of information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion
- Heightening of the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or governments based on law enforcement information, intelligence information, or other credible sources of information
- Implementation of incident handling for personal data breach incidents
- Coordination of incident handling activities with contingency planning activities
- Incorporation of lessons learned from ongoing incident handling activities into incident response procedures, training, and testing/exercises, and implementation of the resulting changes accordingly.
How Long is Your Data Kept
In line with GDPR’s data protection principles, we only keep your data as long as we need it, which will be for the duration of the use of the application by the client/customer of the 360° Aware® application. Each contract with a client/customer is unique, and duration of the service agreement will vary. Knowmadics will store and process your personal data only for the duration agreed upon by the client/customer in providing our services.
Automated Decision Making
No decision will be made about you solely on the basis of automated decision-making (where a decision is taken about you using an electronic system without human involvement), which has a significant impact on you.
Your Rights in Relation to Your Data
Under GDPR you as a data subject have rights in relation to your personal data. To exercise these rights, you can fill out the Knowmadics Data Subject Access Request Form.
The following are the rights that you as a data subject can exercise:
- The right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- The right of access. You have the right to access the data that we hold. To do so, you should make a data subject access request.
- The right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- The right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- The right to portability. You may transfer the data that we hold on you for your own purposes.
- The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests.
- The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision-making in a way that adversely affects your legal rights.
Data Subject Access Request Fees
Data Subject Requests will be provided free of charge.
If the request is manifestly unfounded, excessive, or repetitive and Knowmadics chooses to process the request, a reasonable fee based on the administrative cost of providing the information will be communicated to you.
Additional Information Needed to Process A Request
If additional information is needed to complete the request Knowmadics will contact you to request the additional information necessary to fulfill the request.
Generally, information requested will be provided without delay and within a month.
Refusing a Request
Knowmadics may refuse to comply with a subject access request if it is manifestly unfounded or excessive, or if it is repetitive. In these circumstances, Knowmadics will inform you without undue delay and within one month of receipt, with explanation about why Knowmadics is unable to comply. You will be informed of the right to complain to the appropriate supervisory authority and to a judicial remedy.
Making a Complaint
Knowmadics commits to resolve complaints about your privacy and the collection or processing of your personal data. If you have any inquiries or complaints please first contact our Data Protection Officer, Chuck Corcoran, at email@example.com.
As a U.S.-based company, Knowmadics does not report to one specific supervisory authority, but respects and accommodates all GDPR-compliant supervisory authority requests. For the supervisory authority in your home country please reference the following list at the European Data Protection Board’s official site:
Knowmadics has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, JAMS, which provides an independent third-party dispute resolution body based in the United States, providing investigation and assistance free of charge. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
Data Protection Officer
Knowmadics is dedicated to the principles laid out by the GDPR regulations and has appointed a Data Protection Officer (DPO) to oversee all data protection and data privacy matters within Knowmadics. If you have any inquiries or concerns regarding your personal data you may contact Knowmadics’ Data Protection Officer, Chuck Corcoran. He can be contacted at firstname.lastname@example.org.
- I understand my rights under this policy as a data subject and explicitly consent to the processing of my personal data for the purposes of the 360 Aware application.
- I understand my rights in relation to my Special Category Personal Data and explicitly consent to the processing of my health information in the form of body weight for the purposes of the 360 Aware application.